Tag

Msix

All articles tagged with #msix

"Microsoft Shuts Down MSIX Protocol to Block Malware Exploits"

Originally Published 2 years ago — by TechRadar

Microsoft has taken action to disable the ms-appinstaller protocol handler by default due to its exploitation by hackers to deploy malware, including ransomware. The company observed four threat actors, including Storm-0569 and FIN7, using the handler to bypass security mechanisms and distribute malware through fake ads and phishing via Microsoft Teams. The handler is now disabled in App Installer version 1.21.3421.0 or higher to prevent further abuse. This follows previous incidents where MSIX files were used for malware distribution, highlighting ongoing cybersecurity challenges.

technology technology-and-cybersecurity cybersecurity malware microsoft msix ransomware technology-and-cybersecurity

"MSIX App Packages Exploited by Hackers to Spread GHOSTPULSE Malware on Windows PCs"

Originally Published 2 years ago — by The Hacker News

Hackers are using spurious MSIX Windows app package files for popular software to distribute a new malware loader called GHOSTPULSE. The attack campaign entices potential targets to download the MSIX packages through compromised websites, SEO poisoning, or malvertising. Once launched, the MSIX file downloads GHOSTPULSE on the compromised host via a PowerShell script. The malware employs various techniques, including DLL side-loading and module stomping, to execute multiple payloads, ultimately loading GHOSTPULSE and other malware such as SectopRAT, Rhadamanthys, Vidar, Lumma, and NetSupport RAT.

technology malware-endpoint-security cyber-attack ghostpulse malware malware-endpoint-security msix windows-pc